Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ubuntuavast on October 01, 2010, 09:57:47 AM

Title: Non-empty virus chest displayed as being empty - need to restore
Post by: ubuntuavast on October 01, 2010, 09:57:47 AM

Hi,
I am running Ubuntu 10.04 with a Windows 7 virtual machine (Virtualbox). I also just installed Avast 1.3.0 Linux home edition. Did a first virus scan and Avast detected a virus it said. The log says:

2010-10-01 08:09:30   Found virus 'Win32:Zhelatin-gen2 [Wrm]' in file '/home/michael/.VirtualBox/HardDisks/Windows 7.vdi'.

As there is no option to ignore the "virus" I thought I just let Avast put it in the virus chest and then I simply restore it. However, after selecting the "place-in-virus-chest" option, it stalled for a little while (large file, 11GB), then it seems to have shut down/crashed. I opened up Avast again, and had a look at the virus chest. It was empty! However, going to the virus chest directory will show me that there is in fact an 11GB file in there named "000000". How can I restore the file? Will it work if I just copy and paste it into its original location? Why does it not show up in the virus chest?

If there is a virus in there, which I doubt as I just have installed Windows and a few more programs, I of course rather run a virus check from within Windows than deleting the entire OS...

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: Lisandro on October 01, 2010, 01:28:26 PM

It will not work coping and pasting on the original place as the file should have been encrypted (made safe by Chest).
It could be a false positive (or not), anyway, the better will be excluding .vdi files from scanning, install avast into your virtual Windows 7 and run it there.
Ok... I'm not solving your problem as I don't know how to restore the .vdi file...

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: ubuntuavast on October 01, 2010, 01:37:58 PM

OK, so I can't just copy the file... Only one solution then, to restore the file (unless I reinstall the whole shebang). But how can I restore it if it doesn't show up in the virus chest?

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: Lisandro on October 01, 2010, 01:44:21 PM

In Windows we have a .xml file that lists the contents of the Chest.
I'm not sure how it is on Linux and how to manipulate that file.

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: ubuntuavast on October 01, 2010, 03:01:45 PM

I can't find an xml file anywhere. Tried to google it regardning location on ubuntu, but no luck.

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: Lisandro on October 01, 2010, 03:16:18 PM

In Windows it's on C:\ProgramData\Alwil Software\Avast5\chest\index.xml

Code: [Select]

  <?xml version="1.0" encoding="UTF-8" ?>
- <aswObject>
  <NewId>0000000C</NewId>
  <Size>744032</Size>
- <ChestEntry>
  <ChestId>0000000B</ChestId>
  <FileTime>1285910364</FileTime>
  <OrigFileName>Install.exe</OrigFileName>
  <OrigFolder>D:\Install\<...>.zip</OrigFolder>
  <Comment />
  <Virus>Win32:Malware-gen</Virus>
  <Category>Vir</Category>
  <Restore>no</Restore>
  <TransferTime>1285903164</TransferTime>
  <FileSize>744080</FileSize>
  </ChestEntry>
  </aswObject>

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: ubuntuavast on October 01, 2010, 03:21:54 PM

Maybe my xml file was never created due to the problems (crash). Do you think there is a way to generate an xml file afterwards?

Title: Re: Non-empty virus chest displayed as being empty - need to restore
Post by: Lisandro on October 01, 2010, 03:23:33 PM

Look, I'm an user like you and worse, mainly Windows one...
Need help from the programmers.
But you could try to create the .xml version with that structure to see if it works.